Apple has been facing increased criticism of its privacy practices lately and rightfully so. During CES 2019 last year, the company tried trolling visitors of the annual conference—which it famously does not attend—with a brazenly false piece of advertising: a massive outdoor ad declaring “What happens on your iPhone stays on your iPhone.” Nothing could be further from the truth.
Last week, the Washington Post published the results of one experiment that showed thousands of trackers siphoning data off the iPhone of technology columnist Geoffrey Fowler. “In a single week, I encountered over 5,400 trackers, mostly in apps, not including the incessant Yelp traffic,” he wrote. (Yelp alone was reaching out to grab Fowler’s IP address every five minutes.)
Apple’s big privacy claim was a lie, there’s no other way to put it—even if it did look catchy on the side of a Las Vegas hotel.
This year’s Worldwide Developers Conference (WWDC) saw a few privacy-focused announcements and none that would address all of the tracking issues discovered through Fowler’s experiment. But some options, such as new location sharing features for iOS 13, are a good place for the 43-year-old company to start. Others, such as Apple’s new login system, are exciting and will undoubtedly help consumers shield themselves from data vampires like Facebook.
Here’s every privacy and/or security-related feature, big and small, announced by Apple today:
The first time we heard the word “privacy” on stage Monday it was a reference to the Noise app debuted for Apple Watch. The purpose of the app is to warn users when they’re in environments where sound levels are high enough to negatively impact hearing. “The watch can send a notification if the decibel level reaches 90 decibels, which can begin to impact hearing after four hours per week of exposure at this level, according to the World Health Organization,” Apple says.
Of course, in order for Noise to accomplish this, it needs to have its ears on. This type of always-listening technology scares a lot of people. Alexa users, for instance, freaked out when it was disclosed that actual human employees were listening to recordings taken from Echo devices.
Apple’s VP of health, Dr. Sumbul Desai, issued this promise: “It only periodically samples and does not record or save any audio.” According to Apple, none of the audio or sounds in the environment are saved by the app or sent to Apple; only decibel levels are sampled. That’s good news for users who work in loud environments and want to know if they’re potentially suffering long-term damage, but at the same time value their privacy.
Apple’s policies toward health data didn’t change on Monday, but the company announced a slew of new tracking features for the Health app, including the Noise app and the ability for women to log important information related to their menstrual cycles, called Cycle Tracking. These new features offered the company a good opportunity to emphasize its policies designed to protect what Apple’s senior vice president of software engineering, Craig Federighi, referred to as the most private of all types of personal information.
“Health is using machine learning on your iPhone to determine which highlights might be most interesting to you,” he said. “All of this health data is secured stored in your iPhone or encrypted in iCloud, and since there’s nothing more private than your health information, you control your data. You can decide if you want to share particular health data with select apps, if you’d like to share anything at all.”
Apple’s new login service is easily the biggest security and privacy announcement today. Social login options such as “Login with Facebook” are very popular because they bypass the need for users to create new identities on every single website they visit. In most cases, it’s a one-click profile creation system. But these are also very popular with companies like Facebook because they use this feature to track you and sell your information to marketers.
Apple’s promise is to not track users on “Sign in with Apple” and it will even create a buffer between consumers and the services they use. For instance, Apple will let you share your email account with a service if you want, but it can also generate a unique email address for you, which then forwards pertinent messages to your inbox.
As Gizmodo’s Patrick Howell O’Neill writes: “It’s a smart jab against spam: Not only will you be able to turn off spammy email more easily, but you’ll also be able to see who exactly is sharing and selling your email widely when that random address starts to get spam from companies buying up data.”
As someone who’s had to track down a stolen iPhone before, I’m a big proponent of Find My Phone. Apple announced an upgrade to this system that, at first blush, sounds a little nuts: the ability to locate an iPhone or Macbook, even when they aren’t receiving a signal, using other people’s devices.
According to Apple, this feature will work by forcing the device to occasionally transmit a “secure” Bluetooth signal. Other Apple products will sense the device and transmit its location.
“Let’s say you misplaced your Macbook. Even when it’s offline and sleeping it sends out a secure Bluetooth beacon that can be detected by other people’s Apple devices nearby. They can relay your Macbook’s location to the network and ultimately back to you so you can find it,” Federighi said.
“It uses just tiny bits of data that piggyback on existing network traffic so there’s no need to worry about your battery life, data usage, or your privacy,” he added, emphasizing the entire protocol is end-to-end encrypted and anonymous.
We’ve never seen a feature like this anywhere before, so it’ll be interesting to see how it works in the wild and whether it withstands attempts by independent researchers to exploit it.
Apple is rolling out a simple, no-brainer update to the controls that users have over location data sharing. Finally, there’s a one-time location option.
“For the first time, you can share your location to an app just once and then require it to ask you again next time it wants it. If you do choose to grant an app the ability to continually monitor your location in the background, we’ll give you reports so you’ll know what they’re up to,” said Federighi.
He also noted that many apps try to bypass location-sharing restrictions by scanning for Bluetooth and WiFi signals in the area, which may reveal a users’ location. “We’re shutting the door on that abuse as well,” he said.
Lastly, Apple updates its policies on Monday officially banning the use of embedded trackers in Kids Category apps. We knew this was coming last week, but now it’s official, and here’s the language: “Apps in the Kids Category may not include third-party advertising or analytics.”
Apple also advises developers to “pay particular attention to privacy laws around the world relating to the collection of data from children online.”
Parent’s should keep in mind, this policy does not apply to apps on kids’ phones that aren’t downloaded from the Kids Category. If you don’t want your kids to be tracked, you’ll have to remain vigilant in monitoring which apps they download.